Over 100 LTE, 5G vulnerabilities threaten widespread communications disruptions

All cellular services could be disrupted at a city-wide level with the exploitation of 119 security flaws impacting nearly a dozen LTE and 5G implementations discovered through the RANsacked fuzzing exercise, which involved the targeting of Radio Access Network-Core interfaces, according to The Hacker News.

Threat actors could also leverage all of the vulnerabilities to enable cellphone location tracking and connection detail exfiltration that could be used for more targeted intrusions, a study from University of Florida and North Carolina State University researchers revealed. Most of the security bugs have been observed in Mobile Management Entity implementations, while 25 of the identified flaws could be exploited to allow Non-Access Stratum pre-authentication attacks with an arbitrary device. "The introduction of home-use femtocells, followed by more easily-accessible gNodeB base stations in 5G deployments, represent a further shift in security dynamics: where once physically locked-down, RAN equipment is now openly exposed to physical adversarial threats," said the report.